Buffer overflow : DATAC RealWin SCADA Server On_FC_CONNECT_FCS_a

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.902528

Categoría: Buffer overflow

Título: DATAC RealWin SCADA Server On_FC_CONNECT_FCS_a_FILE Buffer Overflow Vulnerability

Resumen: DATAC RealWin SCADA Server is prone to a buffer overflow vulnerability.

Descripción: Summary:
DATAC RealWin SCADA Server is prone to a buffer overflow vulnerability.

Vulnerability Insight:
The flaw is due to a boundary error when processing various
On_FC_BINFILE_FCS_*FILE packets, which can be exploited to cause a stack
based buffer overflow by sending specially crafted packets to port 910.

Vulnerability Impact:
Successful exploitation may allow remote attackers to execute
arbitrary code in the context of the application. Failed exploit attempts will
cause a denial-of-service condition.

Affected Software/OS:
DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and prior.

Solution:
No known solution was made available for at least one year since the disclosure
of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer
release, disable respective features, remove the product or replace the product by another one.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-1563
BugTraq ID: 46937
http://www.securityfocus.com/bid/46937
http://www.exploit-db.com/exploits/17025
http://aluigi.org/adv/realwin_2-adv.txt
http://aluigi.org/adv/realwin_3-adv.txt
http://aluigi.org/adv/realwin_4-adv.txt
http://aluigi.org/adv/realwin_5-adv.txt
http://aluigi.org/adv/realwin_7-adv.txt
http://aluigi.org/adv/realwin_8-adv.txt
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-04.pdf
http://secunia.com/advisories/43848
http://securityreason.com/securityalert/8176
http://www.vupen.com/english/advisories/2011/0742

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.902528
Categoría:	Buffer overflow
Título:	DATAC RealWin SCADA Server On_FC_CONNECT_FCS_a_FILE Buffer Overflow Vulnerability
Resumen:	DATAC RealWin SCADA Server is prone to a buffer overflow vulnerability.
Descripción:	Summary: DATAC RealWin SCADA Server is prone to a buffer overflow vulnerability. Vulnerability Insight: The flaw is due to a boundary error when processing various On_FC_BINFILE_FCS_*FILE packets, which can be exploited to cause a stack based buffer overflow by sending specially crafted packets to port 910. Vulnerability Impact: Successful exploitation may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause a denial-of-service condition. Affected Software/OS: DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and prior. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1563 BugTraq ID: 46937 http://www.securityfocus.com/bid/46937 http://www.exploit-db.com/exploits/17025 http://aluigi.org/adv/realwin_2-adv.txt http://aluigi.org/adv/realwin_3-adv.txt http://aluigi.org/adv/realwin_4-adv.txt http://aluigi.org/adv/realwin_5-adv.txt http://aluigi.org/adv/realwin_7-adv.txt http://aluigi.org/adv/realwin_8-adv.txt http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-04.pdf http://secunia.com/advisories/43848 http://securityreason.com/securityalert/8176 http://www.vupen.com/english/advisories/2011/0742
Copyright	Copyright (C) 2011 Greenbone AG